This shows you the differences between two versions of the page.
cns:labs:lab-05 [2020/11/09 15:54] dennis.plosceanu [1. Passing shellcode through the environment] |
cns:labs:lab-05 [2022/11/07 14:44] (current) mihai.dumitru2201 [Tasks] |
||
---|---|---|---|
Line 398: | Line 398: | ||
All content necessary for the CNS laboratory tasks can be found in [[cns:resources:repo|the CNS public repository]]. | All content necessary for the CNS laboratory tasks can be found in [[cns:resources:repo|the CNS public repository]]. | ||
- | |||
==== 1. Passing shellcode through the environment ==== | ==== 1. Passing shellcode through the environment ==== | ||
Line 425: | Line 424: | ||
print(p.recvline()) | print(p.recvline()) | ||
</code> | </code> | ||
+ | |||
+ | This way you can do the whole exploit with a python script: | ||
+ | - run ''getenv'' to leak the address | ||
+ | - parse the output of ''getenv'' | ||
+ | - build the payload and send to ''vuln'' | ||
</note> | </note> | ||
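Review bot: In the paragraph added after the closing </code>, "This way" has no clear referent, and step 2 ("parse the output of ''getenv''") does not say what that output looks like. Name the snippet the sentence refers to and state the format in which ''getenv'' prints the address, so a reader can tell which part of the line to extract. Wording: capitalize "Python" and write "build the payload and send it to ''vuln''". The hunk also adds an empty line before the new paragraph; confirm the list still renders as intended inside the note block.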